<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="admin"; // Mysql password 
$db_name="HOPEWw"; // Database name 
$tbl_name="employee"; // Table name 



// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

 
// To protect MySQL injection 
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE emp_Username='$myusername' and emp_Password='$mypassword'";
$result=mysql_query($sql);



// Mysql_num_row is counting table row
$count=mysql_num_rows($result);


// If result matched $myusername and $mypassword, table row must be 1 row
if($count!=0  )
{
    while ($row = mysql_fetch_assoc($result))
    {
        $db_myusername = $row['emp_Username'];
        $db_mypassword = $row['emp_Password'];
        
    }
    if(strcasecmp($myusername, $db_myusername)===0 && $mypassword==$db_mypassword)
    {

    // Register $myusername, $mypassword and redirect to file "login_success.php"
        $_Session['myusername']= $myusername;
        $_Session['mypassword'] = $mypassword ; 
        header("location:addECD.php");
    }
}
else  
    
echo "Wrong Username or Password";




?>
